Описание
Reflected XSS vulnerability in Jenkins VncViewer Plugin
VncViewer Plugin 1.7 and earlier does not escape a parameter value in the checkVncServ form validation endpoint output.
This results in a reflected cross-site scripting (XSS) vulnerability.
VncViewer Plugin 1.8 escapes the parameter value in the output.
Пакеты
Наименование
org.jenkins-ci.plugins:vncviewer
maven
Затронутые версииВерсия исправления
<= 1.7
1.8
Связанные уязвимости
CVSS3: 6.1
nvd
больше 5 лет назад
Jenkins VncViewer Plugin 1.7 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.